Modern computing devices have become ubiquitous tools for personal, business, and social uses. As such, many modern computing devices are mobile and capable of connecting to various data networks, including the Internet and corporate intranets, to retrieve and transmit/receive data communications over such networks. Oftentimes, a user of a computing device may have network access restrictions based on their login credentials (i.e., username and password). Additionally, the user may have physical access restrictions based on a level of access granted to them via an access control system.
In a workplace environment, as an example, users in an employee capacity may have physical access restrictions at their place of employment (e.g., building, floor, etc.), which may be based on a variety of factors such as their employment position (i.e., job description). For example, in a research and development laboratory that includes Lab A and Lab B, where Employee A is assigned to Lab A and Employee B is assigned to Lab B, each of Employee A and Employee B may have access cards to scan upon entering their respective labs, which grants them access to their assigned labs and restrict access to labs which they are not assigned. In such a scenario, were Employee B able to acquire Employee A's access card, Employee B could have unfettered access to Lab A. In a similar example, where Employee A is further assigned Mobile Computing Device A and Employee B is further assigned Mobile Computing Device B, were Employee B able to acquire Employee A's login credentials, Employee B could use Employee A's login credentials on Mobile Computing Device B to access confidential files, making it appear as though Employee A was the one who accessed the confidential files. Masking one mobile computing device (e.g., ghosting a network interface card (NIC), machine access control (MAC) address, internet protocol (IP) address, etc.) to appear as another mobile computing device in software is a fairly simple process, which makes it difficult to identify a user by the MAC or IP address associated with a mobile computing device used for malicious purposes.
Further, the mobility afforded users of mobile computing devices with access to a public or private wireless network may allow the users to access the wireless network without needing physical access to a particular location (e.g., a restricted location), which could otherwise be readily identifiable and locatable. Additionally, a user with malicious intent (e.g., a “paid-off” employee, a disgruntled former employee, a “black hat” hacker, a cracker, or the like) having access to the wireless network may use their own mobile computing device on the wireless network for malicious behavior (e.g., port-sniffing, obtaining otherwise protected documents, etc.) without needing to access an easily locatable wired workstation. As such, pre-emptively detecting a user's attempt to access the network with an unauthorized mobile computing device or restricting the access of an authorized user on an authorized mobile computing device upon detection of malicious behavior is difficult using software defined characteristics of the mobile computing device.